Syhunt Community is a hybrid static and dynamic web application security scanner. Syhunt can scan any kind of application source code for potential security vulnerabilities, pinpointing the exact lines of code that need to be patched. Alternatively, you can simply enter a start URL and get detailed vulnerability information: Syhunt also includes a deep crawler able to fully map a website's structure and an automated injector able to adapt, mutate, analyze and test the web application's response to thousands of different web attacks.
- Added source code scanning for Node.js-based web applications. Syhunt 6.2 can scan the source code of Node.js web applications for security vulnerabilities, with coverage for the Express and Koa frameworks. The new code checks cover Cross-Site Scripting (XSS), Code Injection, HTTP Header Injection, Log Forging and more.
- Added the ability to scan the source code of Java EE and JSP web applications for security vulnerabilities. Syhunt tested and reviewed the 6.1 code scanner results with the help of over 1600 vulnerable Java web apps drawn from the WAVSEP project, the NIST SAMATE project and Syhunt Lab's own test cases, reaching highly accurate detection rates for security flaws.
- Added the ability to scan (though in beta form) the source code of Lua-based web applications compatible with Apache's mod_lua, CGILua and Lua Pages for vulnerabilities such as XSS, Code Injection, HTTP Header Injection and more.
- Other improvements:
  - Improved XSS detection in multiple languages (classic ASP, ASP.NET & PSP).
  - Improved input filtering analysis.
  - Improved speed (scan optimization).
  - Improved support for short write tag in multiple languages.
  - Automatic Python WSGI script detection.